Thanks Jason; I thought it might be interesting. I taught martial arts for a few years and studied for more than a few years. There are a great many parallels or simularities between what I learned in the martial arts and the military that lend themselves to security (even in the IT centric security world). Perhaps even more importantly in IT because over the years I have noticed how easy it is for IT folk to over focus on the technology and forget about the people and process that utilize said technology. A lot of simple, low cost tactics get overlooked when we focus too heavily on the technology; now granted, some of those low cost techniques can often be riskier to the attacker... but overall? Still pretty easy in most cases to break the people before the technology for a targeted attack.

I have seen many investments in technology that were not equally supported by commensurate investments in the people or processes associated to that technology. In such scenarios you end up with a very unbalance triad.

Wink